Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Include latest antimalware platform release with ConfigMgr client

    New anti-malware platform updates are released periodically. It would be good to have the latest version included as part of the ConfigMgr client installation so that clients can take advantage of the latest features in Endpoint Protection.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Wildcards can not be used when configuring Excluded Processes in Exclusion Settings in the anti-malware policy

    Wildcards can not be used when configuring Excluded Processes in Exclusion Settings in the anti-malware policy.
    Since it is judged as an invalid character string, please add a function so that it can be used.

    With Windows Defender alone, you can use wildcards for process exclusion.

    Use wildcards in the process exclusion list
    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-process-exclusion-list

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Info channel disposing details on logic/behaviour of EP

    We would like an information channel, where MS disposes information on the behavior of the Endpoint Protection product. Especially when things change but also how things are now (logic, build-in defaults, parameterization and how to configure, etc...).
    E.g. : We recently had a 'false positive' Worm:Win32/Bluber.A detected in C:\Windows\System32\sysinfo.ocx file. In this case, we chose to 'quick fix' this issue by performing a 'Restore files quarantined by this threat' (see picture). This action creates an exception rule for the detection and remediation of this particular threat, on the SCCM EP GPO. This exception is only temporary; it used to be…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Automating Microsoft Endpoint Full System Scan upon Infection with Email Notification

    I wrote a PowerShell custom detection method that reads the event viewer logs and thereby returns a failed installation if an infection is logged in the event viewer. The application installation is therefore a powershell script that initiates a full system scan. For the custom detection to be successful, there must be an event viewer entry of the full system scan after the infection entry. I have written up the process in my blog posting here: http://mickitblog.blogspot.com/2015/12/automating-microsoft-endpoint-full.html

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. I would like to see configuration managers end point agent be able to detect and block thumb drives and do web content filtering

    I would like to see configuration managers end point agent be able to detect and block thumb drives and do web content filtering via the agent.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. SCEP: Ability to put exclusions specific to individual machines.

    Hi Team,

    We currently do not have ability to put exclusions specific to individual machines. This can oly be done through collections and policies. Why dont we give the ability to end point amdinistrator group to add exclusiosns to individual machines based on requests which is possible through McAfee.

    Thanks,
    Vinayak

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. limited periodic scanning

    We use a "next gen" AV program, but we want to leverage Windows Defender to do "limited periodic scanning". The setup is supported by Defender and or AV client, but there does not seem to be an option to enable the feature via SCCM EPP management. I'd like to be able to force this to be toggled on.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add "source IP" filed in SCEP alert to indicate malware infection source for worms

    I suggest to add the “source IP” field to indicate where the worm like malware comes from, especially for Ransomware WannaCrypt.

    We know that Wannacrypt exploits vulnerability in SMBv1 to spread as worm, so in such scenarios, if the detection alert can have an attribute about which source computer exploits the vulnerability and drops the malware payload, that would be great help to customer locating the source computer. This applies to other worms.

    Expected detection from 3rd party AM product

    === Event Details ===
    Event ID: 147613895128
    Start Time: 21 Sep 2017 10:25:47 CST
    End Time: 21 Sep 2017 10:25:47…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Please Fix SCEP reports

    Hi all,

    I found two strange things in the 'Antimalware overall status and history' SCEP report.

    The first (Overall Endpoint Protection status and history part):
    (q1a.png, q1b.png, q1c.png included)
    The problem is that when the daily data goes to the historical table the ‘inactive’ and the ‘not installed’ counters will be the same. For instance, if I have 50 inactive clients they will be represented as with 50 ‘not installed’ too. Or customer was nerves about this statistic, because no machine can go into the production network without SCEP, but they see lots of ‘not installed’ in

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. 7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add all levels of "Sample Submission" to GUI

    In the client Policy for SCEP we have "Auto Sample Submission" turned on as the default. However this only works for some files that are suspicious. There are actually two other levels of Sample Submission that can only be obtained by changing registry values and pushing out these settings as a script via SCCM, or GPO. Would love to have these exposed through the GUI.

    Talking about these settings:

    Problem:
    SCEP is prompting for submission of suspicious files when in policy "Auto Sample Submissions" are enabled. Trying to find out why we are getting prompts.

    Resolution:
    I received and reviewed…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Please include the option to include MONTHLY FULL scans on systems.

    Currently we do not have the option to configure monthly full virus scans on our servers. Daily quick or full scans on hundreds of servers is not a very optimal solution.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support for uninstall password for 3rd party enterprise antivirus.

    Support for uninstall password for 3rd party enterprise antivirus.
    Symantec especially, but the more support the better.
    This would help tremendously with migrations to Endpoint Protection.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. SCEP/Endpoint Allow Custom Threat List

    SCEP/Endpoint Protection should allow admins to add a custom file names, folders, or extensions as a threat. This would be very helpful in zero day vulnerabilities.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. WIndows Defender Application Control - Specify Base Policy when creating Policies

    When SCCM is applying the policy it Creates 2 XMLs in C:\windows\CCM\DeviceGuard and uses a windows template in C:\Windows\Schemas\Codeintegrity\ExamplePolicies

    This means that Rules already applied are not replicated when SCCM overwrites the current sipolicy.p7b (tested with before and after - some publisher rules were missing)

    My suggestion is to allow users to specify an additional xml to be merged with the 3 aforementioned xml files essentially allowing for custom rules to be replicated in the policy.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. 6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Give full controll over Windows Defender Controlled Folder Access

    The default configuration in Windows defender controlled access folder blocks folders like pictures, documents, desktop etc. and you can't turn it off. It was difficult to deploy applications so we decided to not use this feature anymore and it's a shame because it's a such a great idea. We would like to have an option to disable this default behavior. At our company We want only to protect network drives/folders and don't care about pictures folders etc.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Impliment RBAC control settings for Bitlocker management

    Currently only a Full Administrator can create or deploy a bit locker management policy. Please enable these rights to be delegated.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Disable 'Scan Now' for Users

    I would like to have a possibility to disable the 'Scan Now' button (System Center Endpoint Protection) for example on RDS environments.
    I would like to prevent that multiple users start a Full Scan during office hours.
    Using System Center 2012 R2 Configuration Manager or by GPO.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add the possability to configure a Quick/Full Scan if the client is infected.

    Some malware reproduces themselves in various files.
    For us a Quick/Full Scan if the Client is infected would be great.

    Option:
    If the Client was infected within "X" Hours/Days, run a "Quick/Full" Scan and create a report

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base